CVE-2024-30208

Summary

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The "DBTest" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected
SiemensSIMATIC RTLS Locating Manager0 < V3.0.1.1affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References